This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: -fno-stack-protector
- From: "Carlos O'Donell" <carlos at systemhalted dot org>
- To: "Mike Frysinger" <vapier at gentoo dot org>
- Cc: libc-help at sourceware dot org, "Mark Seaborn" <mrs at mythic-beasts dot com>
- Date: Tue, 6 May 2008 07:39:01 -0400
- Subject: Re: -fno-stack-protector
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=dLCcV2Ja8UWNVmhGDa0LvozfWL9Ih75pePMQfEq5XPI=; b=uBYfUABA4ePfur5DuTlj+SPqUE/8u0JPvG5n5SgUO+oJ894P6oBIKXsd656ZuhMJF862sFk7DQGGZqe8LcMgMp6L96gjHe6wEp/hyFRfcK2QA1CuphJFdUQoLz9XzskFXUbUraJtVR2conRkGXKY23nLKKtGrZ0LTnwKVpHFY00=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=ADNpW9i7hXlaUq5PUC6Qh3PSsEzkwYN1QfhOUur5eoMSEfL356nx7ZPKqEc2XHnUmDUHdVA7x4M3hANVLQqOebZhg6xsNbOLipL7BjaZeFde+mkBpDgTkDCINlYzw91B9iUChfhLex1xQnqtovgC9ogM2Ysk9a05d8I7doAvAi4=
- References: <alpine.DEB.1.00.0805031211310.10349@canta> <200805051203.02134.vapier@gentoo.org> <20080505.194416.713551054.mrs@localhost.localdomain> <200805052208.57344.vapier@gentoo.org>
On Mon, May 5, 2008 at 10:08 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> glibc follows the general redhat policy: only daemons that are networked are
> built as PIEs with SSP. that means only nscd is built as a PIE with SSP
> enabled. Hardened Gentoo takes a more extreme approach: build the entire
> system as PIEs with SSP.
Has anyone written up a quantitative report on the benefits of
building the whole system PIE + SSP?
Cheers,
Carlos.